racluster.conf problems

Carter Bullard carter at qosient.com
Mon Jun 3 09:07:30 EDT 2013


Hey Rafael,
I've been working on some bugs in racluster, could be that I've broken it.
Let me see, and I'll get back at in a few !!!!

Carter

On Jun 3, 2013, at 8:49 AM, Rafael Barbosa <rrbarbosa at gmail.com> wrote:

> Hi Carter,
> 
> I am having problems using racluster() in the latest version (3.0.7.10). For some reason it seems not to be doing any aggregation if I pass a configuration file with the "-f" option.
> My test is very simple:
> 
> ra -L-1 -r flows.argus | wc -l
> 3047296
> racluster -f ~/config/racluster.conf -L-1 -r flows.argus | wc
> 3047296
> 
> Now if I run the same command using the latest stable version (3.0.6):
> 
> racluster -f ~/config/racluster.conf -L-1 -r flows.argus | wc -l
> 238370
> 
> The contents of ~/config/racluster.conf:
> #Filter:every record, no record status output, record time out 5min
> filter="" status=0 idle=300
> 
> Is this a bug or am I missing something?
> 
> Rafael Barbosa
> http://wwwhome.cs.utwente.nl/~barbosarr
